Cheryl on the Web

Sorry folks, but this is going to be a back-to-back Tech Talk post because it is top on my thought list today. I spent the first hour of my workday today troubleshooting a problem with a web application I was testing. What turned out to be the root cause? Read on at your peril.

Unlike Unix- or Linux-based web servers (example: Apache), the Microsoft web server IIS is not case-sensitive when it comes to URL’s. So, www.cherylontheweb.com/test.html and www.cherylontheweb.com/Test.html are one and the same to Microsoft but to other web servers, one will return a “Page not Found” error.

What’s the problem, you ask? Isn’t Microsoft being more user-friendly? Okay, yes, but here’s the catch: the path to which a cookie belongs is case-sensitive. Always. The path of a cookie determines when your web browser gives it to a website. So, if a website gives you a cookie at the url www.cherylontheweb.com/Test/ and you request the url www.cherylontheweb.com/test/, your web browser won’t pass the cookie. On Unix web servers, this isn’t a problem because the 2nd URL would return a Page not Found. But Microsoft IIS happily will give you www.cherylontheweb.com/test even though that URL doesn’t technically exist. And the catch is, any cookies you got from the same location (www.cherylontheweb.com/Test/) will not be available to www.cherylontheweb.com/test/

Sigh. I should have already known this by now given my career but I’ve never really had problems with this before. I’ve had to add a catch to my web application that changes URL’s to the appropriate case - this to guarantee that the session cookie my application requires is always returned.

Anyone still there?